Re: git: f08247fd888e - main - Assert that mbufs are writable if we write to them

From: Mark Johnston <markj_at_freebsd.org>
Date: Wed, 11 Sep 2024 14:45:44 UTC
On Wed, Sep 11, 2024 at 11:18:26AM +0000, Kristof Provost wrote:
> The branch main has been updated by kp:
> 
> URL: https://cgit.FreeBSD.org/src/commit/?id=f08247fd888e6f7db0ecf2aaa39377144ac40b4c
> 
> commit f08247fd888e6f7db0ecf2aaa39377144ac40b4c
> Author:     Kristof Provost <kp@FreeBSD.org>
> AuthorDate: 2024-09-10 20:15:31 +0000
> Commit:     Kristof Provost <kp@FreeBSD.org>
> CommitDate: 2024-09-11 11:17:48 +0000
> 
>     Assert that mbufs are writable if we write to them
>     
>     m_copyback() modifies the mbuf, so it must be a writable mbuf.

This change still triggers a panic for me when running KTLS tests.  I
note that EXTPG mbufs always have M_RDONLY set, but I'm not quite sure
why.  I suspect such mbufs need special handling with respect to the new
assertion.

syzbot also triggered this panic:
https://syzkaller.appspot.com/bug?extid=58c918369f9dc323409d

>     Reviewed by:    glebius
>     Sponsored by:   Rubicon Communications, LLC ("Netgate")
>     Differential Revision:  https://reviews.freebsd.org/D46627
> ---
>  sys/kern/uipc_mbuf.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/sys/kern/uipc_mbuf.c b/sys/kern/uipc_mbuf.c
> index f6ce9b5cc74b..3232af880925 100644
> --- a/sys/kern/uipc_mbuf.c
> +++ b/sys/kern/uipc_mbuf.c
> @@ -1280,6 +1280,8 @@ m_copyback(struct mbuf *m0, int off, int len, c_caddr_t cp)
>  
>  	if (m0 == NULL)
>  		return;
> +
> +	MPASS(M_WRITABLE(m0));
>  	while (off > (mlen = m->m_len)) {
>  		off -= mlen;
>  		totlen += mlen;